State Bank of Pakistan, the Central Bank of the country, regulates the monetary and credit system of Pakistan and fosters its growth in the best national interest with a view to securing monetary stability and optimum utilization of the country’s productive resources.In order to further strengthen the institutional capacity in the area of IT Security and to meet emerging challenges, applications are invited from high calibre and dynamic professionals for the following positions, permanently based at Karachi.

Deputy Director (OG-3)-IS Governance, Policies, Standards

Key responsibilities of the incumbent will include, but not limited to, the following:

• Support in evaluating/updating Enterprise wide cyber security program, policies, procedures and guidelines.
• Conduct Enterprise wide Cyber Security based Risk Assessments with core focuses on Business Critical Applications and IT Infrastructure.
  
• Smooth execution of Software vulnerability Management Program and maintain software vulnerability assessment system for security metrics status of software vulnerabilities.
  
• Conduct/participate in Internal/External penetration testing and security assessment exercises/audits of Enterprise wide IT Infrastructure and Applications including Endpoints, Physical/Virtual Servers Infrastructure, Databases, Network Nodes, Security Appliances, Banking Systems, Storages, Web Applications and DWH/BI systems.
  
• Perform periodic analysis of security controls of Enterprise wide IT infrastructure and report vulnerabilities and weakness.
• Perform basic digital forensics on reported or identified security incidents.
  
• Administer and maintain pro-active security monitoring using Cyber Security Threat intelligence and Threat Monitoring System.
  
• Observe user activities, review logs, report breaches and exceptions on daily basis.
• Monitor real-time interfaces of critical security controls like Next Generation Firewalls, IDS/IPS, Enterprise Email Gateways, Internet Proxies, WAF, AAA Servers and Enterprise Endpoint Protection systems.
  
• Conduct periodic Cyber Security awareness campaigns and Trainings for employees of SBP and its subsidiaries.
  
• Stay updated with emerging cyber security threats, proactively scan SBP Enterprise wide Infrastructure for IOC and provide advisory to respective IT Administrators for implementing necessary controls for mitigation.
  
• Work in a high-performance IT security team to perform daily operational and project-related tasks.
  
• Collaborate and coordinate with cross-functional teams to achieve personal and organizational goals.

Qualification	Master's or Bachelor's (16 years) degree in Information Technology / Information Security / Computer Sciences / Telecommunication or other relevant field from HEC recognized university or from a reputable Foreign University. International certification i.e. CISSP, CISM, CRISC, CISA, CEH, CHFI, ECSA, CND or OSCP will be preferred
Age	Maximum 35 years, relaxable in case the candidate posseses exceptional qualification or experience.
Experience	At least 05 years of relevant post qualification experience in core Enterprise wide IT/Infrastructure /Information Security Operations/Governance/Management role. Hands on experience on penetration testing tools like Metasploit Framework, SIEM, Vulnerability Assessment, Nmap, Wireshark, Web Application and Wireless Network Security tools etc.

Assistant Director (OG-2)-IT Security Operations

Key responsibilities of the incumbent will include, but not limited to, the following:

• Maintain open source/commercial security testing and monitoring tools including but not limited to Vulnerability Assessment, SIEM and Threat Intelligence.
• Carry out Vulnerability Management program of SBP IT Infrastructure.
  
• Administer and maintain security monitoring and log solution using standard SIEM technology.
  
• Perform Pen-testing exercises for identifying security gaps in infrastructure and application from internal and external environment.
  
• Carry out Web Application security assessment for testing web applications security.
  
• Analysis of security controls of Wireless Networks and report vulnerabilities and weakness.
  
• Perform Digital forensics on reported or identified security incidents.
  
• Observe user activities, review logs, report breaches and exceptions on daily basis.
  
• Monitor real-time interfaces of critical security controls like Firewalls, IDS/IPS & Antivirus.
  
• Perform security awareness exercises and sessions on regular basis.
  
• Work in a high-performance IT security team to perform daily operational and project-related tasks.
  
• Collaborate and coordinate with cross-functional teams to achieve personal and organizational goals.

Qualification	Master's or Bachelor's (16 years) degree in Information Technology / Information Security / Computer Sciences / Telecommunication or other relevant field from HEC recognized university or from a reputable Foreign University. International certifications (CISSP, CEH, CPTE, RHCE or OSCP) will be an added advantage.
Age	Maximum 31 years, relaxable in case the candidate posseses exceptional qualification or experience.
Experience	At least 03 years of post qualification experience in a reputable firm as an IT security professional in relevant field/area. Hands on experience on Penetration testing tools like Metasploit Framework, SIEM, Vulnerability Assessment, Nmap, Wireshark, Web Application and Wireless Network Security tools etc.

Application Procedure

Interested candidates meeting the above mentioned eligibility criteria may send their detailed CVs alongwith copies of relevant documents including CNIC, Domicile and Educational Testimonials etc., to the Senior Joint Director (Recruitment), Human Resources Department, State Bank of Pakistan, 10th Floor, SBP Main Building, I.I. Chundrigar Road, Karachi, or at [email protected]. Please clearly mark the envelope with the position applied for. Only short listed candidates will be contacted. Female candidates are encouraged to apply.

Application Deadline: September 07, 2017

Misinformation and any attempt to influence the selection process will be considered a definite disqualification for current as well as for all future recruitments in the Bank, even if the candidate is otherwise qualified.